package com.ternnetwork.security.core.userdetails;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.annotation.Resource;

import org.apache.log4j.Logger;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
//import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

import com.ternnetwork.core.dao.UserDao;
import com.ternnetwork.core.entity.RescRole;
import com.ternnetwork.core.entity.Resources;
import com.ternnetwork.core.entity.UserRole;
import com.ternnetwork.core.enums.RoleType;







//2

public class UserDetailServiceImpl implements UserDetailsService {
	
	private static final Logger log = Logger.getLogger(UserDetailServiceImpl.class);

	
	@Resource
	private UserDao userDao;

	
	

	//登录验证
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		log.info("登录用户名：" + username);
		
		com.ternnetwork.core.entity.User users = this.userDao.findByName(username);
		
		
		Collection<GrantedAuthority> grantedAuths = obtionGrantedAuthorities(users);
		
		updateUserStatus(users);
		
		boolean enables = (users.getEnable()==null?true:users.getEnable());
		boolean accountNonExpired =users.getAccountNonExpired();
		boolean credentialsNonExpired =users.getCredentialsNonExpired();
		boolean accountNonLocked =users.getAccountNonLocked();
		//封装成spring security的user
		User userdetail = new User(users.getName(), users.getPassword(), enables, accountNonExpired, credentialsNonExpired, accountNonLocked, grantedAuths);
		return userdetail;
	}
	
	private void updateUserStatus(com.ternnetwork.core.entity.User user){
		Date currentDate=new Date();
		if(user.getAccountExpiredTime()!=null&&(currentDate.getTime()>user.getAccountExpiredTime().getTime())){
			user.setAccountNonExpired(false);
		}else{
			user.setAccountNonExpired(true);
		}
		if(user.getCredentialsExpiredTime()!=null&&(currentDate.getTime()>user.getCredentialsExpiredTime().getTime())){
			user.setCredentialsNonExpired(false);
		}else{
			user.setCredentialsNonExpired(true);
		}
		userDao.saveOrUpdate(user);
	}
	
	//取得用户的权限
	private Set<GrantedAuthority> obtionGrantedAuthorities(com.ternnetwork.core.entity.User user) {
		Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
	    List<Resources> resources=getUserResources(user);
		for(Resources res : resources) {
			authSet.add(new SimpleGrantedAuthority(res.getNameEn()));
		}
		return authSet;
	}
	
	private List<Resources> getUserResources(com.ternnetwork.core.entity.User user){
		List<Resources> resources=new ArrayList<Resources>();
		for(UserRole userRole:user.getUserRoles()){
			for(RescRole rescRole:userRole.getRole().getRescRoles()){
				if(!StringUtils.isEmpty(rescRole.getResources().getUrl())&&!rescRole.getResources().getRoleType().equals(RoleType.APP)){
					resources.add(rescRole.getResources());
				}
			}
		}
		return resources;
	}
}
